Problem solve Get help with specific problems with your technologies, process and projects.

Beware of Web dialers

They can be installed on your computer like a virus and can run up your telephone bill by making calls over your modem.

Just when you thought it was safe to use your modem, another problem lurks just around the corner. Many Web sites...

are seeking to gain additional income through telephone billing, rather than credit card transactions. This method of commerce transaction is useful for small transactions or use-base fees. Web dialers are small programs used often by pay-per-view sites. Web dialers cause the visiting computer to automatically dial a phone number that incurs toll charges. Only while the call is active is the user granted access to the site. While this is a legitimate method to charge users for services, it has recently become the focus of a new type of fraud.

Some malicious sites and users have latched onto Web dialing and discovered ways of tricking end users into dialing up the charge lines, even when they are not interacting with a pay-per-view Web site. Web dialers are very small, typically less than 100 KB in size. Web dialers can be deposited on your system in the same ways that Trojans, viruses and other malicious code are -- namely via e-mail attachments, inside downloaded software or through social engineering and coercion.

When installed, they are often configured to turn off your modem speaker, disable all visible signs that your modem is active and dial the charge line at any time. Line charges range from pennies to dollars per minute. If your system remains connected to a charging phone line, your end-of-the-month phone bill will be quite surprising.

Even if you use a cable modem, DSL or ISDN as your primary Internet connection, you are still vulnerable if you have a telephone modem installed and attached to a phone line. This is true even if you use a LAN connection to access the Internet. As a first line of defense, disconnect the telephone cable from the modem whenever you are not actively using it.

Fortunately, many of the malicious code scanning tools, including antivirus software, have added Web dialers to their list of culprits to lookout for. Download the latest updates available for your software and scan your system today!

About the author
James Michael Stewart is a partner and researcher for ITinfopros, a technology-focused writing and training organization.

For more information on this topic, visit these resources:
This was last published in June 2003

Dig Deeper on Application attacks (buffer overflows, cross-site scripting)

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.